U.K. Digital Markets Competition and Consumer Bill Sets Out New Regime to Regulate Big Tech
Introduction
The U.K. Government’s much-awaited Digital Markets, Competition and Consumer Bill (DMCC Bill) published on 25 April 2023 and sets out far-reaching proposals to establish a new ex ante regulatory regime for digital markets. The new system which provides substantial fines for non-compliance really means business and is likely to transform the regulation of “Big Tech” in the U.K.
What the DMCC Bill mean for the regulation of digital markets in the U.K. and how does it compare with its equivalent EU legislation, the Digital Markets Act?
Regulation of Digital Markets
The flagship proposal in the DMCC Bill is the establishment of the new regulatory regime for digital markets. It will have a widespread impact on how digital markets are regulated in the U.K., and will set alongside and not replace competition law enforcement in this sector. It will be for the Competition and Markets Authority (CMA) to decide whether to regulate certain behaviour or conduct under its new digital market functions or competition law.
Strategic Market Status
The Digital Markets regime provides that the CMA may designate undertakings having a powerful market position in any digital activity in the UK as undertakings having Strategic Market Status (SMS) (together Designated Undertakings). To do so, the CMA must serve a notice on the undertaking concerned containing relevant details of the digital activity to be covered and its reasons for proposing the designation. The SMS investigation must also seek views of the undertaking and those of the public. At the end of the SMS investigation, which must last no longer than nine months, the CMA must publish a notice deciding whether to designate or not. Any designation lasts for five years.
Undertakings which can be designated as having SMS status under the DMCC Bill are defined as follows:
- Digital Activities: Undertakings must provide digital activities linked to the U.K. The definition of digital activities is extremely broad and encompasses any services or digital content provided over the internet or an electronic communications network. The link to the U.K. is satisfied if the undertaking, whether established in the U.K. or not, has a significant number of U.K. users or carries on digital activities in, or which have an immediate and substantial effect on, the U.K.; and
- Satisfy the SMS Conditions: The undertaking must enjoy substantial and entrenched market power and hold a position of strategic significance in connection with a digital activity; and
- Turnover Condition: The CMA cannot designate an undertaking with SMS unless the undertaking or the group to which it belongs has a worldwide turnover of at least £25 billion and a U.K. group turnover of at least £1 billion.
The CMA has considerable discretion under the legislation to decide which undertakings can be designated in light of the above criteria making it more manageable. In contrast, the EU, which oversees a similar digital markets regime under its Digital Markets Act, designates digital “gatekeepers” automatically based on certain turnover thresholds. There is a danger that the EU approach will create a regulatory monster which it does not have adequate resources to effectively police.
Conduct Requirements
The CMA may impose certain conduct requirements upon Designated Undertakings. It can decide to impose one or more relevant conduct requirements as defined in the DMCC Bill. The CMA can tailor the conduct requirements imposed individually for each Designated Undertaking based upon their individual businesses and circumstances allowing for a tailored approach. In contrast, the EU system for regulating the behaviour of “gatekeepers” is based on a “one-size-fits-all approach” enforcing a series of standard obligations and prohibitions.
Clauses 20(2) and 20(3) of the DMCC Bill set out a series of high-level obligations or prohibitions categories to which the individual conduct requirements must relate. Clause 20(2) provides that conduct requirements can cover obligations relating to trading on fair and reasonable terms, having effective complaint handling processes, providing accurate and clear information, providing adequate notice of changes to terms and conditions, and allowing users to change default settings. Clause 20(3) provides a list of prohibited behaviour around which individual requirements may be crafted, including preventing Designated Undertakings:
- applying discriminatory terms, conditions or policies
- self-preferencing (including access to data)
- leveraging market power
- tying undertakings products or services or digital content
- restricting interoperability or use of digital activity or other undertakings products
- using data unfairly
To impose a conduct requirement, the CMA must send the undertaking concerned a notice setting out the conduct requirement to be imposed and its reasoning, as well as stating when it will come into force and its duration. The conduct requirement process is again subject to a consultation process.
Breach of Conduct Requirements
If the CMA has reasonable grounds to suspect that a Designated Undertaking has breached a conduct requirement the CMA must give notice via a Breach Investigation to the Designated Undertaking stating the conduct requirement breached and details of the case against them, the anticipated length of the investigation and possible outcomes. A breach inquiry must last no longer than six months. The Designated Undertaking can make representations.
The CMA can close investigation without a decision if it believes there is no breach or if the behaviour concerned would give rise to benefits to users which outweigh their detrimental effect on competition (rather like an exemption procedure under Section 9 Competition Act 1998). Alternatively, the CMA can accept, at any time, commitments from the Designated Undertaking to remedy the breach. At the conclusion of the Breach Investigation the CMA must publish its findings via a Breach Decision and state whether there has been a breach and its reasoning.
Following a Breach Decision, the CMA can issue an enforcement notice stating the measures necessary to stop the breach and from preventing it from recurring. Like interim measures powers under competition law, the CMA may also issue Initial Enforcement Orders during a Breach Investigation to prevent significant damage to persons, to ensure the effectiveness of remedies, or to protect the public interest.
Pro-Competitive Interventions (PCI)
The DMCC Bill introduces a sort of “Market Investigation Lite” procedure designed to deliver fast remedies to digital markets where factors in a particular digital market are having an adverse effect on competition. These are called Pro-Competitive Interventions (PCI). The CMA may make a PCI following a PCI investigation. PCI investigations are started by notice from the CMA to the undertakings concerned stating the factors it considers are present to justify an investigation. The PCI investigation must last no longer than four months and the CMA must publicly consult before making a PCI. A PCI may take the form of one or both of the following:
- an order imposed on a Designated Undertaking relating to its conduct in relation to a specified digital activity; and/or
- recommendations to the U.K. Government or a public body about appropriate steps to be taken in respect of a Designated Undertaking or digital activity.
The CMA has the power to accept commitments as to their future conduct from Designated Undertakings at any time during a PCI Investigation.
Duty to Notify Mergers
Designated Undertakings and/their corporate groups (also known as a Designated Undertakings Group) have a duty to report qualifying transactions to the CMA before the event takes place. Qualifying Transactions are those under which a Designated Undertaking Group acquire shares or voting rights in a U.K.-connected body corporate (which carries on activities in the U.K.) of more than 15%, 25% or 50%, and where the consideration is at least £25 million. Special rules exist for joint ventures under which the acquisition of 15% or more of shares or voting rights are covered by the notification requirements provided the value threshold is also exceeded.
Upon receipt of a report by a Designated Undertaking Group, the CMA has five working days to confirm it has all the details relating to the transaction it needs. Once that confirmation has been received the Designated Undertaking or their corporate group must not allow the event to take place until after a further five working days period had elapsed. This waiting period is designed to allow the CMA to decide whether it wishes to call in a particular merger for review under the merger control provisions of the Enterprise Act 2002. This procedure is designed to improve transparency about Big Tech’s acquisitions and to allow the CMA to regulate them effectively. In the past, the CMA and the EU Commission have been criticized for allowing potentially anti-competitive digital mergers to slip through the regulatory net.
Penalties and Appeals for Breach
What marks the Digital Markets Regime out from other forms of sectoral regulation are the heavy competition law style damages that can be imposed by the CMA on Designated Undertakings in the course of carrying out its digital functions. This is a regime with teeth and technology companies should take it seriously.
The CMA may impose penalties of up to 10% of worldwide group turnover or 5% of daily worldwide group turnover by way of periodic penalty where a Designated Undertaking
breaches a competition requirement without reasonable excuse. Maximum penalties on individuals are £30,000 for a fixed amount or £15,000 in the case of a daily periodic penalty.
Competition requirements include:
- breach of a conduct requirement;
- breach of an enforcement order relating to a conduct investigation; breach of a PCI order; or
- breach of commitments given by a Designated Undertaking.
In addition, the CMA can also impose a penalty where the Designated Undertakings Group has failed to notify a merger event within the meaning of Chapter 5 of the Bill without reasonable excuse.
The DMCC Bill also provides certain appeal rights to persons affected by the CMA’s decisions in exercise of its digital functions. In relation to CMA decisions, affected parties can apply to the Competition Appeal Tribunal (CAT), but in determining an application, the CAT must apply judicial review standard. This is a much stricter standard than the full merit appeal standard allowed in Competition Act 1998 cases.
Private Rights of Action
A key piece of the legislation is the wide-ranging rights of private action given to parties which have suffered loss and damage by reason of a breach of a relevant requirement under the DMCC Bill. Any aggrieved person who has suffered loss and damage due to the breach of a relevant requirement by a Designated Undertaking can sue in the courts for damages as a breach of statutory duty. Relevant requirements for the purposes of the legislation are a breach of a conduct requirements, breach of a PCI or breach of commitments. The legislation makes clear that a CMA breach decision taken in exercise of its digital functions is binding upon the courts once any appeal procedure has been exhausted. This legislation is likely to see an explosion of follow-on actions as the CMA’s case law develops. Big Tech companies are going to be particularly exposed to collective proceedings for breach under the DMCC Bill as most of the breach orders are likely to be consumer-related, lending themselves to large-scale class action awards.
CMA Investigative Powers and Penalties
The DMCC Bill provides the CMA with wide powers to exercise its digital functions under the legislation. The CMA has the power to require Designated Undertakings to provide information or to perform a test or demonstration by notice. It can use its powers under Clause 69 to access premises, equipment, services or information or persons to obtain information or to observe Designated Undertakings perform a test if the undertaking in question has not previously compiled with an earlier information request. They also have the power to interview relevant persons of a Designated Undertaking. They are also given wide powers to enter premises in a Conduct Breach Investigation with or without warrant.
These powers are backed up by a series of civil penalties which for companies are a maximum fine of up to 1% of worldwide turnover or up to 5% periodic daily rate of group turnover. For individuals, the maximum fines are £30,000 or up to £15,000 periodic daily rate
The DMCC Bill also provides for several criminal offences in Clauses 91-93 including destroying or falsifying information, providing false or misleading information and obstructing the CMA in an investigation. The maximum penalties here are an unlimited fine or up to two years imprisonment. In the event of an offence the CMA has a choice whether to proceed via imposing civil penalties or applying to the court to impose criminal sanctions. However, the CMA cannot seek civil penalties if a company or individual has been found guilty of a similar criminal offence.
Conclusion
The DMCC Bill is likely to revolutionize the regulation of Big Tech in the U.K. The Bill is far more flexible than its EU counterpart and is likely to lead faster and more effective decisions for this sector. Backed up by substantial penalties and extensive rights to bring private actions for damages, this is likely to make Big Tech sit up and take notice. If private actions develop like those under the Competition Act 1998, there is going to be a considerable increase in regulatory litigation as a result.